PeerGuardian was one of the first, of not the first, apps built specifically to protect the innocent and for obvious reasons, it's a never-ending work in progress, as all such projects are.

It's been a while since the last upgrade but that'll be fixed within the five to seven days when the newest mark makes its appearance. We'll let you know when and where.

For the moment, "We now have tools to reveal the KaZaA fakers easily and to help inform users of files they should delete to help get rid of the pollution on the network," says Tim L, PG's creator. "But figuring out protocols, researching, etc, all takes time."

On that, Tim says he'd like to talk with other p2p developers so if you're one such, you can initially contact him through the pG site here.

In the meanwhile, Tim works for a living as well as spending a lot of time and effort making sure PG stays ahead of the file sharing game. If he signed on with the opposition (whom I'm sure would dearly love to have him ; ) he could be could be rolling in it now. He's a good guy and he and the other PG builders deserve the thanks of all supporters of Internet Openness everywhere.

The entire crew is dedicated to doing what they can to keep the RIAA and its owners, the labels, honest and at bay - two hopeless tasks, you'll agree - and that's going to be a little harder now that Eremini is having to move back to Russia.

"He provided a lot of help," says Tim. "Gonna be a shame to lose him. But at least we have others who are keen to help - many in fact."

The coming upgrade promises to be a major improvement and we had a chance to sample KaOS (KaZaA Organisation Seeker), inspired by RandomNut of K++ fame and used by the PeerGuardian team to help find new ranges to block.

It connects to KaZaA (via DAT files) and downloads data from all users sharing that file, tags the data with their IP and port and then allows CRC comparison on the files. Or they can be listened to of course : )

"We then have a list of users who have fake (or hash-exploiting) files," says Tim. "First, to protect innocent users from being blocked, they're checked to see whether they have any genuine tracks available. Even if file lists aren't available, other commonly faked files can be easily verified on that user. If we can't check their other files, we can simply request a load of known fakes from them. Quite often this technique leads to finding new servers filled with faked files, either with corrupt mpeg frames or mp3s that start off the same as the genuine ones but then fade off and loop."

The team's biggest problem - which relies on detection by cross-referencing PG's logs - is finding the ones that are passively scanning the networks, says Tim. Thus, baiting these bots/scanners will be the next area.

"There'll be news on this in the next few months," promises Tim, "but for now, we've got more tools to help us and fortunately, those who aggressively attack kazaa with fake files are easy to identify ... even with the hash-exploit techniques they're using lately.

"Ultimately, FasTrack/KaZaA are going to have to add more thorough hashing, more thorough hashing including a CRC table of some sort for each block in file transfers otherwise, those who don't block the IPs required will just end up spreading increasingly corrupted files = and this seems to be the plan so far with Performance Systems International as one of the most active hosts.

"Users who are innocent of intentionally sharing fake files are usually just informed by KaZaA-IM or windows messenger service of the corrupted file(s) they're sharing. We usually take a lot of care to differentiate between innocent users, agents on domestic blocks and server-farms flooding the FT network," Tim emphasises.

And on the PGIPDB, "I agree it isn't perfect," he adds, "But a LOT of the ranges can be easily verified by whois's, others can be verified with kazaa-node-scanning and KaOS-like tools because I'm sure there are others who've worked on something similar such as Paul from kazaalitekpp, who found some ranges quite a while before me. And other people will simply notice patterns if they have their firewalls configured to do full logging."

Jon Newton

Wow. cool. PeerGuardian is awesome software. I look forward to seeing this version out.

I've used PG since it first appeared (I admit it, I'm a security paranoid..)
and like it a lot, and believe it certainly has a valuable place on anyone's box.

What bothers me is that, Kazaa, Morpheus, etc., DO NOT have to legally allow the toadies of the RIAA and MPAA on their network. Like any private business who operate a network which has stored electronic communications, they have the right to establish an authorization requirement for access...and anyone who violates this access, can be held guilty of violation of federal law, USC TITLE 18,Part 1, Chapter 121, Sec. 2701 (Unauthorized access to electonic communications on a network). This is a criminal violation. It would NOT be improper, due to the past actions of the RIAA and its toadies, to have a popup on loading the program, that advises that all persons associated in any way with the RIAA, including but not limited to BayTSP, MEDIADEFENDER,
Ranger, Inc. et al) are specifially banned and forbidden from accessing the Kazaa network. As I have said in other articles I have written on this topic, for Kazaa not to take proactive measures to keep the RIAA toadies out, is a failure of duty to protect proper users from attack by those who violate user agreements.
~code

awsome, can't wait to try it. The current version I could never get to work. kept getting an error. hope this will.

PeerGuardian Rocks, and thnx for the additional info Code. you da man!

Does anyone know what version of PeerGuardian this article is talking about?

I currently having version 1.99, and it works like a charm, especially the ability to update the list of blocked IP addresses. I am currently blocking over 60 million IPs.

I have intalled this Peer Guardian and when I try to use it, I only get an 'run-time error 432' whatever that is.

axxis - you have the current version: this will be an upgrade. I'll post details as soon as I have some; and plag, can't help you there.

Concerning Kazaa, et al:

I don't think Kazaa cares one way or the other. They are a business and they want to make money. Correct me if I'm wrong, but we didn't hear a single peep out of them when Brianna's mom talked about paying for the program, thinking she bought a program that would give her permission to download free music.

One could argue that she still had the responsibility to know what she bought, and what to use it for, but Kazaa was pretty quiet during that whole thing, if you ask me. If they said much, I missed it or I just wasn't paying attention.

I'm going to get this for sure. This is going to be a neverending battle for the RIAA..even if they do manage to get rid of Kazaa and all the others out there right now something else will just spring up and it'll start all over again. This is a perfect example as they started flooding Kazaa with fakes and now we have a way around that. Good luck RIAA you'll need it!!

If Kazaa is going going after people who use K Lite or K++ to access their network (which costs them money because it does not display ads), shouldn't they go after these people using bots because they also do not display ads and are therefore costing them money.

If any had the time or money I think it would be a good idea to set up a computer with fake files and then use the PG date files to only allow p2p enemies access. They would waste their time and resources and find nothing illegal. (This would be called a honey pot and a similar technique is done sometimes as part of network security.)

AverageConsumer- I agree with you. Kazaa has shown a careless disregard for the safety of their customers, and has breached a basic duty to provide a safe networking environment by NOT banning the RIAA and toadies. That's why I support the plus plus version and Kazaa LITE, and was really against Kazaa when it filed a DMCA complaint against Google.

I agree, AverageConsumer. I think Kazaa's unscrupulous, to be honest. Maybe Nikki and company didn't say anything about the Kazaa pay service because they want to avoid possible litigation from Brianna's family for misrepresentation? I know, they probably can't sue Kazaa...especially with their explicit user agreement (which I'm sure that few if any people read). But, it is always a possibility.

Another part of me believes that Kazaa's walking a fine line. They realize their ability to attract file sharers enables them to sell advertising and generate revenues. On the other hand, I think Kazaa's execs want to turn this population into a for-pay service and earn more money. I think they haven't come out strongly against the RIAA against this, because they probably want to keep their options open with the major record companies. If the major record companies attitude changes toward Kazaa, then they might believe they could be used as an avenue to distribute the record companies' music. I dunno. Just me babbling.

Been supporting Peer Guardian for a while now, happy to see it still is moving forward. Great Job guys. RIAA = Reality Isn't Always Acceptable?

UPDATE - I just heard from Tim that the next PG'll be out in five to seven days instead of two weeks.

I'm gonna have to look into PG. I've been using Sygate's personal firewall and Zone Alarm, but am looking to further protect my box. This sounds good.

plag (and anyone else with similar error probs) - just heard from Tim again: ""This version won't give the 432 error on the Win9x/ME systems either as it no longer uses WMI to show the GMT offset for the user."

Why can't someone develop software for P2P apps that does not allow fake files to be on the network? Do you know how frustrating that is when you download three of the same song in a row and they are all fakes? Well, in the mean time i'll just download ten at a time and hope i get the right on.. yes RIAA, you may slow the process down but you ain't stopping it baby! and jfyi, i delete crap files so they don't spread like a virus.. Lick it RIAA!!!

In addition to PeerGuardian, I check out what files are available from the person I want to upload from and see if there are any "indie" (non-Riaa) labels in their list. If so, then I doubt very much that they're an RIAA "plant".

Been using PG for about 3 months now and it does a good job at blocking many sites. I also added the ip block list to my Sygate firewall and use PG in conjunction with Sygate. I can't wait for the new update to come out to give PG more of a workout.

I am having problems though with v1.99. For some reason all of a sudden it's taking up about 95% of the computers resources. If anyone has a clue, let me know.

Meryl, I've thought that same thing for quite a while now.

If done properly, there is a LOT of money to be made online with p2p and paid file services. Nothing any of these guys does right now surprises me, and I sure as heck wouldn't trust them to protect my security.

And the very LAST people I would buy a paid service from is the RIAA.

Feh, I used to whois tons of IPs a week after the list was out, it was totally off after a while. One day makes the difference between blocking BayTSP and gerber baby food.

only problem for me, i cant even run PeerGuardian , my computer is too slow (.

I added the PG IP Data to Sygate too...lol...I've got some many IPs blocked, I can just about come here, go to methlabs, google, and tvguide...
anything else and its 404-site not found..lol

Hopefully they will also work on it's resource usage. PG is great software but it loves to gobble up system resources. At last check it is using 75-80% of system resources on my comp. I know I am not the only one with this particular problem.
It is good to see honest programmers keeping the world safe from RIAA/MPAA spies and keeping the P2P networks free from their pollution.

I'm wondering does PG work with system suite, with no clash's

RE: Thread response from Average Consumer.

You mention that Kazaa has no interest in the happenings and plight of it's software's users. You are right...they are trying to make money. You are also wrong. I believe that they DO actually wish they could get involved, but im betting that the very second that they said anything, did anything, or helped us in any way, they would be sued silly by Uncle Big-Bad (RIAA).

I think they have to stay out of this, I think they MUST stay out of this fight...unless you want to see them and the other P2P software makers go the way of Napster!

The courts have sided with us on the issues of P2P software and the fact that software makers cannot be held responsible for the actions of the users that are on it. (one small step for man, one giant leap for mankind) However, the very moment that one of these software makers takes a stand on our side of the issue, they will give up that protection.

The courts have done all they could to help us in that particular instance, now we have to do some things ourselves. One good thing that we can do is support those that are working on tools and software to protect us.

I have made recommendations before on how to design better p2p software, check my post "A call for better P2P software".

While I admit that im no programmer, never will be, and some of my ideas may not be feasible...I still believe that some of what i suggested would be helpful. We need to come up with a more secure system of file sharing, one that does not allow browsing of hard disks or open discovery of IP numbers. I believe Migrogroove mentioned a "double-blind proxy" system, where two users would share a file thru several other nodes who would act as proxies...the offering user and the recieving user would not know who each other was. That is a method that seems easy to implement.

Ideas such as these are what we should be concentrating on - we cannot possibly win this fight in the court room...too many special interest groups are involved, too much money is at stake, the very idea of copyright and intellectual property would be thrown into kaos - not just for the music industry, but for the rest of the world as well.

No judge in his right mind would find us to be right, even if he believed we were! Simply because of the money involved and the business opportunities lost.

If we want to share music, or anything else for that matter, we must become comfortable with the idea that there will always be someone out there trying to outlaw it, make it criminal, or stop us any way they can. The only way we can continue is to adapt to the current tactics, create better software, and move on.

someone will eventually find a way to stop the new method that we eventually will find. We must always be ready to innovate and adapt. if we hadnt learned this before... none of us would be here now...Napster died and we replaced it with Kazaa, Gnutella, Grokster, iMesh, and a whole host of others...we have to do that again!

This, afterall, was the reason we began this whole thing in the first place. it was not originally about getting free music, it was about finding a new and better way to share things, to find a better way of communicating, to be new and creative! We have to be that way again!

- Jolly Roger.

- Who has the mayonase?!

BTW...I wasnt trying to pick on Average Consumer, I just felt a need to respond to his statement.

- Jolly Roger

NP. If we all agreed on everything, this forum would be very lifeless and quite boring.

I LOVE PG !! since putting it on my system it has blocked SO many IPs. Kind of scary when you think about it. Guess I'm getting a little more paranoid each day..lol. BTW..speaking of fake files, my grandson went on kazza the other day...He wanted to d/l a song..He went to find out what other songs that user had. He called his mom in because that user had like 50 or more of the very same song.I am so glad shes got him involved and aware of whats going on! I bought myself one of those nice anti-riaa hooded sweatshirts, I have decided to give it to him as I think the message will get out to more people. BTW...I have been kind of testing PG on my system. I get very few hits till I turn on one of the P2P's. Imesh, is the worst of them all..I get hammered the minute I turn it on...Morpheus seems to get the least amount of hits...

I don't like the fact that PG is even nessessary. I have it, but don't even use it cause I don't share/download RIAA tunes, so why bother?

Support Local and Independent Music
Shmoo, of Electric Gypsy

Good article. PG is great software!

i don't know if putting pop-ups banning the RIAA from Kazaa would really do anything, especially in the way of lawsuits. Isn't the NET act a US law? If kazaa is based in Australia, they couldn't sue under US Code, could they?